career in it security

i have a question as to whether a person without a technical
qualification can attempt for a career in it security? i am from
a totally different background but have got interest to get into
it security. Its understandable that a position in security
would not be feasible unless i have a domain experience but will
my 'non technical' background have an effect with respect to
getting a job in it.. and will certifications in security be a
solution to this.

Popular White Paper On This Topic

Although I think it is a little easier for someone with a technical
background to be successful in information security, by no means is it a
requirement!

I firmly believe that you will be successful if you are passionate about the
discipline, no matter what your background is. I have consistently hired
people who had the "intangibles" over the people who had the technical
experience and this has served me very well.

Read, read, read. Dig, dig, dig. Learn everything you can and challenge
yourself. There are many topics in the field of information security that
do not directly relate to technical solutions. Information security
certifications are a "plus", but do not guarantee anything.

hey thanks a million for replying. I know that sounds a little
weird but have been posting my queries 2 a lot of sites but with
no avail. Moreover u have given me a ray of hope . Just one more
question can you list out a couple of courses or languages that
i should be aware of to build my career in this field.

Security touches a lot of areas and not all of them are exceptionally
technical. I spend a lot of my time working with business processes that
create security holes. You don't have to have 20 years experience with
networking hardware to work with those crucial areas of the enterprise.
Even "technical" skills covers a wide variety. There's the obvious
network device angle. System admins spend a lot of time elbow deep in
server and desktop configs. Programmers can do a lot to secure their
code. Database gurus can have a big impact on security. Business-side
folks can do a lot of they analyze what they do, how they do it and why
they do it the ways they do.

Take what you know and work from there. There's no single road into a
career in security. Bring your own knowledge and strengths to the table.

Why is it then that so many companies wont' hire security people unless t
hey
have a huge amount of experience, a Phd or a Masters degree in computing
sciences and then offer them a misery salary when they do meet those
expectations? Perhaps that is one the reasons for these savvy people to t
urn
into 'black hat hackers and do damage instead of dedicating their knowle
dge
to save companies money. I recently graduated with a Bachelors degree in
Information Systems Security, but am having a hellacious time trying to g
et
hired. The fact that I am 57 years old, and Hispanic just add salt to the
wound. I honestly believe I should have gone into a different field. ISS
,
to you I say .

I think a lot of people get too fixated on job title when it comes to
working in security. Security is still in sort of an interesting place
-- compliance requirements are increasing, as are the number of laws and
regulations. IT itself is seeing an increase in automation and certain
sectors do a lot of outsourcing, whether it be overseas or simply having
a vendor provide certain services. Security doesn't have a single
'natural' home. The person configuring the firewalls and designing the
network has a key security duty, but that person might be on an
network/operations team and not in a "security" department. Access
controls might be handled by a sysadmin, a DBA or an account manager.
Policy and risk assessments might come from a security office or it
might be an off-shoot of Compliance or Risk Management. BCP/DR might be
handled by a subset of IT or it might be located somewhere else in the
business.

Security skills are of growing importance and are slowly being found
throughout an organization, but perhaps not in a "Security Department".
Depending on what the company hiring "security people" are looking for,
experience comes into play not simply within security. Sure, that's
great, but what have you done outside of a "security" job that is
security related? I've only had the word "security" in my title for two
years, but I have about eight years of security experience across a
variety of roles. I've been a sysadmin, I've worked on the database
side, I've done some BCP/DR and I have a lot of experience analyzing
business processes for security holes, etc. Leverage what you have and
look for an opportunity to demonstrate your entire portfolio of skills
in a way that earns you the latitude to pursue some of your security
interest.

The most important thing to remember is that security isn't an end unto
itself. Security is all about managing risk within the framework of the
business mission. Look at how security fits in the larger picture, think
that way and you'll find yourself a step ahead of many.

I have neither a PHD nor Masters degree and have made a very good living in
the field. I do have 12+ years of experience however. I came up through
the ranks from Help Desk to Windows Admin to Network Admin to Manager of
Network Services to Information Security Engineer to Information Security
Manager to Information Security Officer. Sheesh a lot of movement, but
movement towards specialization.

I have seen more than my share of worthless PHDs and Masters degrees. What
most colleges teach are skills that I do not need. The question I ask
myself when interviewing someone is "What can this person do for me today?"
and "What can this person learn to do for me tomorrow?" Believe it or not,
most of the information security personnel I hire have less than three years
of direct information security experience. I would rather mentor someone
into "good" security habits than try to undo some bad ones.

Some companies don;t have any idea what they really want,
or how to look at people. Back in the old days (2000) I
interviewed with a company that wanted 8 years experience
with ".NET". Unless they planned to steal people directly
out of Microsoft, there wasn't anyone with 8 years
experience since the product was just getting accepted at
that time.

Most head hunters work directly with the manager requesting
the people not the people in HR with ZERO IT experience and
only know how to map a resume to a list of buz words on a
job description.

One option which is quick is if you have ever been bonded,
be sure to put that on the resume somewhere.

BTW, where (as in what State, City) is your search focused?
Are you willing to relocate?

Do not see your problem as a racist issue. I am a colored person from African American race, I have a degree in science related course and MBA in project Management and a wealth of experience in IT hardware, networking and security. My experience span almost 11 years now. I spent a full year in the US with no job, not until I have sat for certifications in MCSE 2003:Security. When I finished the last exam and uploaded my resume, the volume of call I received changed dramatically. After a two weeks, I got a job, not as security expert but software analyst.

See, there are times, when we want somethings, and sadly we don't get them. But as long as you are hard working, focused and diligent in your work, keep trying, use all the internet job search, try and take one or two certifications in security, either security+ or mcsa: security, I bet you, you will be hired in no time.

College certificate is not a passport to getting job anymore, employers want experience, value and dedication, I will say most do not learn that from college. Distinguish yourself and you will see a window of opportunity that you will fit, control and enjoy. Do not be overwhelmed by age, colour or race, just keep working hard, you will definitely get there! Sometimes job search require patience and sheer resilience and a high dose of positive attitutde matched innovations. Your opportunity might be next door, keep thinking, keep strategizing, I can tell you in no time, you will get there.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.